

Verification  of  Arithmetic  Functions 
with  Binary  Moment  Diagrams* 


Abstract 

Binary Moment Diagrams (BMDs) provide a canonical representation for linear
functions similar to the way Binary Decision Diagrams (BDDs) represent Boolean
functions. Within the class of linear functions, we can embed arbitrary functions from
Boolean variables to real, rational, or integer values. BMDs can thus model the
functionality of data path circuits operating over word-level data. Many important
functions, including integer multiplication, that cannot be represented efficiently at the
bit level with BDDs have simple representations at the word level with BMDs.
Furthermore, BMDs can represent Boolean functions with around the same complexity as
BDDs.

We propose a hierarchical approach to verifying arithmetic circuits, where basic
building blocks are first shown to implement a word-level specification. The overall circuit
functionality is then verified at the word level. Multipliers with word sizes of up to 62
bits have been verified by this technique.

Keywords: Formal verification, binary decision diagrams, arithmetic circuits, multipliers


1.  Introduction 

Binary Decision Diagrams (BDDs) have proved successful for representing and manipulating
Boolean functions symbolically [4] in a variety of application domains. Building on this
success, there have been several efforts to extend the BDD concept to represent functions
over Boolean variables, but having non-Boolean ranges, such as integers or real numbers
[1, 7, 8, 15, 17]. This class of functions is sometimes termed “pseudo-Boolean” [12]. Many
tasks can be expressed in terms of operations on such functions, including integer linear
programming, matrix manipulation, spectral transforms, and word-level digital system analysis.
To date, the proposed representations for these functions have proved too fragile for routine
application — too often the data structures grow exponentially in the number of variables.

Command, USAF, and the Advanced Research Projects Agency (ARPA) under grant number
F33615-93-1-1330.

Table 1: Categorization of Graphical Function Representations.

In this paper we propose a new representation called Multiplicative Binary Moment Diagrams
(*BMDs) that improve on previous methods. *BMDs incorporate two novel features: they
are based on a decomposition of a linear function in terms of its “moments,” and they have
weights associated with their edges which are combined multiplicatively. These features
have as heritage ideas found in previous function representations, namely the Reed-Muller
decomposition used by Functional Decision Diagrams (FDDs) [9, 14], and the additive edge
weights found in Edge-Valued Binary Decision Diagrams (EVBDDs) [15]. The relations
between the various representations are described more fully below.

*BMDs  are  particularly  effective  for  representing  digital  systems  at  the  word  level,  where 
sets  of  binary  signals  are  interpreted  as  encoding  integer  (fixed  point)  or  rational  (floating 
point)  values.  Common  integer  and  floating  point  encodings  have  efficient  representations 
as  *BMDs,  as  do  operations  such  as  addition  and  multiplication.  *BMDs  can  also  represent 
Boolean  functions  as  a  special  case,  with  size  comparable  to  BDDs. 

*BMDs can serve as the basis for a hierarchical methodology for verifying circuits such as
multipliers. At the low level, we have a set of building blocks such as add steppers, Booth
steppers, and carry save adders described at both the bit level (as combinational circuits)
and at the word level (as algebraic expressions). Using a methodology proposed by Lai and
Sastry [15], we verify that the bit-level implementation of each block implements its
word-level specification. At the higher level (or levels), a system is described as an
interconnection of blocks having word-level representations, and the specification is also
given at the word level. We then verify that the composition of the block functions
corresponds to the system specification. By this technique we can verify systems, such as
multipliers [5], that cannot be represented efficiently at the bit level. We also can handle a
more abstract level of specification than can methodologies that work entirely at the bit level.


2.  Graphical  Function  Representations 

Methods related to ordered BDDs for representing functions as graphs can be categorized
as shown in Table 1. First, the range of a function can be either Boolean or numeric, e.g.,
integer, rational, or real. Second, we will consider two methods of decomposing a function
with respect to a Boolean variable x: in terms of its value at x = 1 and x = 0 (pointwise
decomposition), or its “moments,” i.e., its value at x = 0 and how this value changes as x
changes to 1. Finally, the values of a numeric function can be expressed in terms of values
associated with the leaves or with the edges. Note that in all cases we assume a total ordering
of the variables and that variables are tested according to this ordering along any path from
the root to a leaf.

Figure 1: Example Function Decompositions. MTBDDs are based on a pointwise
decomposition (left), while BMDs are based on a linear decomposition (right).

To illustrate the two ways of decomposing a function, consider the function F over a set
of Boolean variables y and z, yielding the integer values shown in the table of Figure 1. A
pointwise decomposition characterizes a function by its value for every possible set of
argument values. By extending BDDs to allow numeric leaf values, the pointwise decomposition
leads to a “Multi-Terminal” BDD (MTBDD) representation of a function [7, 8] (also called
“ADD” [1]), as shown on the left side of Figure 1. In our drawings of graphs based on a
pointwise decomposition, the dashed line from a vertex denotes the case where the vertex
variable is 0, and the solid line denotes the case where the variable is 1. Observe that the
leaf values correspond directly to the entries in the function table.

Exploiting the fact that the function variables take on only the values 0 and 1, we can
write a linear expression for function F directly from the function table. For variable y, the
assignment y = 1 is encoded as $y$, and the assignment y = 0 is encoded as $1 - y$:

$$F(y,z) = 8\,(1-y)\,(1-z) + {-12}\,(1-y)\,z + 10\,y\,(1-z) + {-6}\,y\,z$$

Expanding this expression and combining common terms yields the expression:

$$F(y,z) = 8 - 20z + 2y + 4yz = 8\,y^0z^0 + {-20}\,y^0z^1 + 2\,y^1z^0 + 4\,y^1z^1$$

This representation is called the “monomial expansion” of F. It represents the function as
a sum of terms $a\,y^{b_y}z^{b_z}$ where $a$ is a numeric coefficient and both $b_y$ and $b_z$ are either 0 or 1.
This expansion leads to the BMD representation of a function, as shown on the right side
of Figure 1. In our drawings of graphs based on a moment decomposition, the dashed line
from a vertex indicates the case where the function is independent of the vertex variable x
($b_x = 0$), while the solid line indicates the case where the function varies linearly ($b_x = 1$).

2.1.  Recursive  Decompositions  of  Functions 

The  graph  representations  of  functions  we  consider  expand  a  function  one  variable  at  a 
time,  rather  than  in  terms  of  all  the  variables,  as  do  the  tabular  form  and  the  monomial 
expansions  of  Figure  1.  Better  insight  can  be  gained  by  considering  recursive  decompositions 
of  the  function,  where  a  function  is  decomposed  in  terms  of  a  variable  into  two  subfunctions. 
In  our  graphical  representation,  each  vertex  denotes  a  function.  The  outgoing  branches  from 
the  vertex  indicate  the  subfunctions  resulting  from  the  decomposition  with  respect  to  the 
vertex  variable. 

For function $f$ over a set of Boolean variables, let $f_x$ (respectively, $f_{\bar{x}}$) denote the positive
(resp., negative) cofactor of $f$ with respect to variable x, i.e., the function resulting when
constant 1 (resp., 0) is substituted for x. BDDs are based on a pointwise decomposition,
where the function is characterized with respect to some variable x in terms of its cofactors.
Function $f$ can be expressed in terms of an expansion (variously credited to Shannon and
to Boole):

$$f = \bar{x} \wedge f_{\bar{x}} \;\vee\; x \wedge f_x$$

In this equation we use $\wedge$ and $\vee$ to represent Boolean product and sum, and overline to
represent Boolean complement.

For expressing functions having numeric range, the Boole-Shannon expansion can be
generalized as:

$$f = (1 - x) \cdot f_{\bar{x}} + x \cdot f_x \tag{1}$$

where $\cdot$, $+$, and $-$ denote multiplication, addition, and subtraction, respectively. Note that
this expansion relies on the assumption that variable x is Boolean, i.e., it will evaluate to
either 0 or 1. Both MTBDDs and EVBDDs [15, 17] are based on such a pointwise
decomposition. As with BDDs, each vertex v describes a function $f$ in terms of its decomposition
with respect to variable x = Var(v). The two outgoing arcs Lo(v) and Hi(v) denote functions
$f_{\bar{x}}$ and $f_x$, respectively. A leaf vertex v in an MTBDD has an associated value Val(v).

The moment decomposition of a function is obtained by rearranging the terms of Equation
1:

$$f = f_{\bar{x}} + x \cdot (f_x - f_{\bar{x}}) = f_{\bar{x}} + x \cdot f_{\dot{x}} \tag{2}$$

where $f_{\dot{x}} = f_x - f_{\bar{x}}$ is called the linear moment of $f$ with respect to x. This terminology
arises by viewing $f$ as being a linear function with respect to its variables, and thus $f_{\dot{x}}$ is the
partial derivative of $f$ with respect to x. Since we are interested in the value of the function
for only two values of x, we can always extend it to a linear form. The negative cofactor
will be termed the constant moment, i.e., it denotes the portion of function $f$ that remains
constant with respect to x, while $f_{\dot{x}}$ denotes the portion that varies linearly. Relating to the
monomial expansion presented earlier, the two moments of function $f$ partition the set of
monomial terms into those that are independent of x, i.e., $b_x = 0$ ($f_{\bar{x}}$), and those that vary
linearly with x, i.e., $b_x = 1$ ($f_{\dot{x}}$).

We will define two forms of graphs representing functions according to a moment
decomposition. In both cases, vertex v denoting function $f$ is labeled by a variable x = Var(v), and
has two outgoing arcs: Lo(v) denoting function $f_{\bar{x}}$ and Hi(v) denoting function $f_{\dot{x}}$. We will
term graphs of this form “Moment” Diagrams (MDs) as opposed to “Decision” Diagrams
(DDs). The distinction is based on the rules used to evaluate a function for some valuation
of the variables. In a decision diagram one simply traverses the unique path from the
root to a leaf determined by the variable values, possibly accumulating edge weights. For
example, consider the evaluation of a MTBDD for Boolean variable assignment $\phi$. That is,
$\phi$ denotes a function that for each variable x assigns a value $\phi(x)$ equal to either 0 or to 1.
The evaluation starting at vertex v can be defined as:

$$\mathit{MTBDDeval}(v, \phi) = \begin{cases} \mathrm{Val}(v), & v \text{ is leaf} \\ \mathit{MTBDDeval}(\mathrm{Lo}(v), \phi), & \phi(\mathrm{Var}(v)) = 0 \\ \mathit{MTBDDeval}(\mathrm{Hi}(v), \phi), & \phi(\mathrm{Var}(v)) = 1 \end{cases} \tag{3}$$


In a moment diagram, evaluation requires consideration of multiple paths in the graph. For
every vertex v labeled by a variable x that evaluates to 1, subgraphs Lo(v) and Hi(v) must
both be evaluated and their results summed. The evaluation of a BMD for Boolean variable
assignment $\phi$ starting at vertex v can be defined as:

$$\mathit{BoolEval}(v, \phi) = \begin{cases} \mathrm{Val}(v), & v \text{ is leaf} \\ \mathit{BoolEval}(\mathrm{Lo}(v), \phi), & \phi(\mathrm{Var}(v)) = 0 \\ \mathit{BoolEval}(\mathrm{Lo}(v), \phi) + \mathit{BoolEval}(\mathrm{Hi}(v), \phi), & \phi(\mathrm{Var}(v)) = 1 \end{cases} \tag{4}$$

In return for the more complex evaluation rule of moment diagrams, we obtain graphs that
are potentially much more compact.

By way of comparison, the moment decomposition of Equation 2 is analogous to the
Reed-Muller expansion (also called the positive Davio expansion [9]) for Boolean functions:

$$f = f_{\bar{x}} \oplus x \wedge (f_x \oplus f_{\bar{x}})$$

The expression $f_x \oplus f_{\bar{x}}$ is referred to as the Boolean difference of $f$ with respect to x [21], and in
many ways is analogous to our linear moment. Other researchers [9, 14] have explored the use
of graphs for Boolean functions based on this expansion, calling them Functional Decision
Diagrams (FDDs). By our terminology, we would refer to such a graph as a “moment”
diagram rather than a “decision” diagram.

2.2.  Edge  Versus  Terminal  Weights 
Figure 2: Different Representations for Binary-Weighted Bits. All represent the
function $X = 4x_2 + 2x_1 + x_0$.

One method to represent functions yielding numeric values, used by MTBDDs and by BMDs,
is to simply introduce a distinct leaf vertex for each constant value needed. This approach has
the drawback, however, that many leaves may be required, often exponential in the number
of variables. Figure 2 illustrates the complexity of the function mapping a vector of Boolean
variables $x_{n-1}, \ldots, x_1, x_0$ to an integer value according to its interpretation as an unsigned
binary number. As can be seen, the MTBDD representation will grow exponentially with
the word size, since there are $2^n$ different values for the function.

A second method for defining function values is to associate weights with the edges. This
idea was originated by Lai, et al. in their definition of EVBDDs. In their case, edge weights
are combined additively, i.e., the value of a function is determined by following a path from a
root to a leaf, summing the edge weights encountered. As shown on the right side of Figure
2, the edge weights of EVBDDs can lead to a much more compact representation than with
MTBDDs. In our drawings of EVBDDs, edge weights are shown in square boxes, where an
edge without a box has weight 0. For representing a sum of weighted bits, this representation
achieves a linear complexity. Various schemes can be used for “normalizing” edge weights
so that the resulting graph provides a canonical form for the function. For example, the
standard formulation of EVBDDs requires that edge Lo(v) for any vertex v have weight 0.

The bottom of Figure 2 shows the BMD representation of the same function. Observe
that the graph for this function grows linearly with word size. In our drawings for BMDs,
the solid line leaving vertex v indicates Hi(v), the linear moment. The linear moment of
X with respect to any variable $x_i$ is simply its binary weight $2^i$, giving rise to the simple
linear structure shown. Thus, the moment decomposition is sufficient for simplifying the
representation of this function.
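The following added example (not code from the paper) builds an unweighted BMD from a function table by applying the moment decomposition of Equation 2 recursively, then evaluates it with the BoolEval rule of Equation 4 and the LinEval rule of Section 2.3. The class `BMD`, its method names and the table layout are assumptions made for this illustration; the table values are those of function F from Figure 1.

```python
class BMD:
    """Ordered, reduced BMD without edge weights; equal subgraphs are shared."""

    def __init__(self, order):
        self.order = list(order)  # variable ordering, root variable first
        self.nodes = []           # id -> ("leaf", value) or (var, lo_id, hi_id)
        self.unique = {}          # reverse map used to share equal subgraphs

    def _mk(self, key):
        if key not in self.unique:
            self.unique[key] = len(self.nodes)
            self.nodes.append(key)
        return self.unique[key]

    def from_table(self, table, level=0):
        """table[i] is the function value; order[0] is the top bit of index i."""
        if level == 0 and len(table) != 2 ** len(self.order):
            raise ValueError("table must have 2**n entries")
        if level == len(self.order):
            return self._mk(("leaf", table[0]))
        half = len(table) // 2
        f0, f1 = table[:half], table[half:]          # cofactors at x = 0 and x = 1
        lo = self.from_table(f0, level + 1)          # constant moment
        diff = [b - a for a, b in zip(f0, f1)]       # linear moment = f_x - f_xbar
        hi = self.from_table(diff, level + 1)
        if self.nodes[hi] == ("leaf", 0):            # function ignores this variable
            return lo
        return self._mk((self.order[level], lo, hi))

    def bool_eval(self, v, phi):
        """Equation 4: phi maps every variable to 0 or 1."""
        key = self.nodes[v]
        if key[0] == "leaf":
            return key[1]
        var, lo, hi = key
        total = self.bool_eval(lo, phi)
        if phi[var] == 1:                            # both subgraphs contribute
            total += self.bool_eval(hi, phi)
        return total

    def lin_eval(self, v, phi):
        """LinEval: phi may assign any number to a variable."""
        key = self.nodes[v]
        if key[0] == "leaf":
            return key[1]
        var, lo, hi = key
        return self.lin_eval(lo, phi) + phi[var] * self.lin_eval(hi, phi)

    def monomials(self, v, prefix=()):
        """Read the monomial expansion back: one term per root-to-leaf path."""
        key = self.nodes[v]
        if key[0] == "leaf":
            return {prefix: key[1]} if key[1] else {}
        var, lo, hi = key
        terms = self.monomials(lo, prefix)
        terms.update(self.monomials(hi, prefix + (var,)))
        return terms

    def size(self, v):
        """Number of distinct vertices (leaves included) reachable from v."""
        seen, stack = set(), [v]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                if self.nodes[n][0] != "leaf":
                    stack.extend(self.nodes[n][1:])
        return len(seen)


# F(y, z) for (y, z) = 00, 01, 10, 11, taken from the linear expression for F.
F_TABLE = [8, -12, 10, -6]


def build_F():
    mgr = BMD(["y", "z"])
    return mgr, mgr.from_table(F_TABLE)


def unsigned_word_sizes(n):
    """(BMD vertex count, number of distinct MTBDD leaf values) for n-bit X."""
    mgr = BMD([f"x{i}" for i in reversed(range(n))])
    table = list(range(2 ** n))                      # index i encodes the value i
    return mgr.size(mgr.from_table(table)), len(set(table))


if __name__ == "__main__":
    mgr, root = build_F()
    print(mgr.monomials(root))
    for n in (4, 8, 12):
        print(n, unsigned_word_sizes(n))
```

For the unsigned word the BMD has 2n + 1 vertices (n variable vertices plus the leaves 0, 1, 2, ..., 2^(n-1)), while an MTBDD needs one leaf for each of the 2^n values.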

*BMDs also have edge weights, although the weights combine multiplicatively rather than
additively. Although not the case for Figure 3, edge weighting can lead to a much more
concise representation of a function. As an illustration, Figure 3 shows three representations
of the function $8 - 20z + 2y + 4yz + 12x + 24xz + 15xy$. The upper graph is a BMD, with the leaf
values corresponding to the coefficients in the monomial expansion. As the figure shows, the
BMD data structure misses some opportunities for sharing of common subexpressions. For
example, the terms $2y + 4yz$ and $12x + 24xz$ can be factored as $2y(1 + 2z)$ and $12x(1 + 2z)$,
respectively. The representation could therefore save space by sharing the subexpression
$1 + 2z$. For more complex functions, one might expect more opportunities for such sharing.

The  two  forms  of  *BMDs,  shown  at  the  bottom  of  Figure  3  indicate  how  *BMDs  are  able 
to  exploit  the  sharing  of  common  subexpressions.  In  our  drawings  of  *BMDs,  we  indicate 
the  weight  of  an  edge  in  a  square  box.  Unlabeled  edges  have  weight  1.  In  evaluating 
the  function  for  a  set  of  arguments,  the  weights  are  multiplied  together  when  traversing 
downward.  There  are  a  variety  of  different  rules  for  manipulating  edge  weights,  resulting 
in  different  representations.  We  will  describe  two  different  sets  of  rules — one  that  results  in 
rational  weights,  even  when  manipulating  integer  functions  (left),  and  one  that  yields  integer 
weights,  but  is  only  applicable  for  integer  functions  (right).  Observe  that  these  two  rules 
yield  graphs  with  identical  branching  structure,  but  differing  in  edge  weights. 

For the remainder of the presentation we will consider mainly *BMDs. The effort required
to  implement  weighted  edges  is  justified  by  the  savings  in  graph  sizes.  For  functions  with 
integer  ranges,  we  will  use  integer  edge  weights.  Keeping  edge  weights  as  integers  is  easier 
than  maintaining  rational  numbers.  If  we  approximate  rational  numbers  with  floating  point 
representations,  the  vagaries  of  the  rounding  behavior  could  greatly  complicate  the  use  of 
*BMDs  in  formal  verification. 


2.3.  Algebraic  Structure 


Although we have presented BMDs and *BMDs as methods for representing functions over
Boolean variables, they can also be viewed as representing arbitrary linear functions. For
example, the BMD of Figure 1 can be viewed as representing the function
$F(y,z) = 8 - 20z + 2y + 4yz$ for arbitrary values of y and z. The rule for evaluating a graph given a
numeric variable assignment then becomes:

$$\mathit{LinEval}(v, \phi) = \begin{cases} \mathrm{Val}(v), & v \text{ is leaf} \\ \mathit{LinEval}(\mathrm{Lo}(v), \phi) + \phi(\mathrm{Var}(v)) \cdot \mathit{LinEval}(\mathrm{Hi}(v), \phi), & \text{otherwise} \end{cases} \tag{5}$$

The class of linear functions can be defined as either those that can be expressed as a sum
of monomial terms, or as those functions that obey Equation 2 for all variables.

An algebraic structure for linear functions provides further insight into our representation.
Let $L$ denote the set of linear functions, and for a variable assignment $\phi$ let $f(\phi)$ denote the
result of evaluating linear function $f$ according to this assignment. We can define addition
of linear functions in the usual way, i.e., the sum of two functions $f + g$ is a function $h$ such
that $h(\phi) = f(\phi) + g(\phi)$. It can be seen that the algebraic structure $\langle L, + \rangle$ forms a group,
having as identity element the function that always evaluates to 0.

Figure 3: Examples of BMD and *BMDs. All represent the function
$8 - 20z + 2y + 4yz + 12x + 24xz + 15xy$. *BMDs have weights on the edges that
combine multiplicatively. [Panels: Rational Weights; Integer Weights]

We could define a multiplication over functions in a similar fashion, but then the class
of linear functions would not be closed under this operation. The product of two linear
functions could yield a quadratic function. In particular, the product of functions $f$ and $g$,
denoted $f \cdot g$, can be defined recursively as follows. If these functions evaluate to constants $a$
and $b$, respectively, then their product is simply $f \cdot g = a \cdot b$. Otherwise assume the functions
are given by their moment expansions (Equation 2) with respect to some variable x. The
product of the functions can then be defined as:

$$f \cdot g = f_{\bar{x}} \cdot g_{\bar{x}} + x\,(f_{\bar{x}} \cdot g_{\dot{x}} + f_{\dot{x}} \cdot g_{\bar{x}}) + x^2\, f_{\dot{x}} \cdot g_{\dot{x}} \tag{6}$$

One can readily show that this definition is unambiguous — the result is independent of the
ordering of the variables in the successive decompositions.

Instead of conventional multiplication, we can define an operation $\hat{\cdot}$ with similar properties,
except that it preserves linearity. This involves “demoting” the quadratic term in the
equation for conventional multiplication to a linear term. The linear product of functions $f$ and
$g$, denoted $f \,\hat{\cdot}\, g$, is defined recursively as follows. If these functions evaluate to constants $a$
and $b$, respectively, then their linear product is simply their product: $f \,\hat{\cdot}\, g = a \cdot b$. Otherwise
assume the functions are given by their moment expansions (Equation 2) with respect to
some variable x. Their linear product is defined as

$$f \,\hat{\cdot}\, g = f_{\bar{x}} \,\hat{\cdot}\, g_{\bar{x}} + x\,(f_{\bar{x}} \,\hat{\cdot}\, g_{\dot{x}} + f_{\dot{x}} \,\hat{\cdot}\, g_{\bar{x}} + f_{\dot{x}} \,\hat{\cdot}\, g_{\dot{x}}) \tag{7}$$

One can show that the definition is independent of the ordering in the decomposition. The
algebraic structure $\langle L, +, \hat{\cdot} \rangle$ forms a ring. That is, $\hat{\cdot}$ is associative, and it distributes over $+$.
Furthermore, the function that always yields 1 serves as a unit for this ring.

Although the linear product operation is not the same as conventional multiplication, there
are two important cases where we can safely use $f \,\hat{\cdot}\, g$ as a replacement for $f \cdot g$. First,
under the Boolean domain restriction, i.e., considering only variable assignments $\phi$ such
that $\phi(x) \in \{0, 1\}$, we are guaranteed that $[f \cdot g](\phi) = [f \,\hat{\cdot}\, g](\phi)$. Second, define the support
of a function $f$ as those variables x such that $f_{\dot{x}} \neq 0$. Under the independent support
assumption, where functions $f$ and $g$ have disjoint support sets, we have that $f \,\hat{\cdot}\, g = f \cdot g$
for any variable assignment. In particular, for any variable x we must have that either $f_{\dot{x}}$ or
$g_{\dot{x}}$ is identically 0, and hence the quadratic term of Equation 6 drops out.

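In general, we can “linearize” any operation $\mathit{op}$ to create an operation $\widehat{\mathit{op}}$ such that for any
Boolean variable assignment $\phi$, we have $[f \,\widehat{\mathit{op}}\, g](\phi) = f(\phi) \;\mathit{op}\; g(\phi)$. This involves generating
moments with respect to each variable x as:

$$[f \,\widehat{\mathit{op}}\, g]_{\bar{x}} = f_{\bar{x}} \,\widehat{\mathit{op}}\, g_{\bar{x}} \tag{8}$$

$$\begin{aligned} [f \,\widehat{\mathit{op}}\, g]_{\dot{x}} &= [f \,\widehat{\mathit{op}}\, g]_x - [f \,\widehat{\mathit{op}}\, g]_{\bar{x}} \\ &= [f_x \,\widehat{\mathit{op}}\, g_x] - [f_{\bar{x}} \,\widehat{\mathit{op}}\, g_{\bar{x}}] \\ &= [(f_{\bar{x}} + f_{\dot{x}}) \,\widehat{\mathit{op}}\, (g_{\bar{x}} + g_{\dot{x}})] - [f_{\bar{x}} \,\widehat{\mathit{op}}\, g_{\bar{x}}] \end{aligned} \tag{9}$$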

Figure 4: Representations of Signed Integers. All commonly used encodings can be
represented easily.

As before, the definition is independent of the variable ordering. In general, this
linearization would not yield valid results for non-Boolean variable assignments, whether or not the
arguments have independent support. For example, the linearized form of exponentiation
would convert $(x + 2)^y$ into $1 + y + xy$.
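The linear product of Equation 7 and the general linearization of Equations 8 and 9 can be checked on small cases. This added example is not code from the paper: it stores a linear function as its monomial expansion (a dict from a set of variables to a coefficient) rather than as a graph, and the helper names `moments`, `lin_product`, `linearize` and the sample functions `G`, `X`, `Y` are assumptions made for the illustration.

```python
from itertools import product


def const(a):
    return {frozenset(): a} if a else {}


def var(name):
    return {frozenset([name]): 1}


def add(f, g, sign=1):
    out = dict(f)
    for m, c in g.items():
        out[m] = out.get(m, 0) + sign * c
    return {m: c for m, c in out.items() if c}


def times_var(f, x):
    return {m | {x}: c for m, c in f.items()}


def moments(f, x):
    """Constant and linear moments of f with respect to x (Equation 2)."""
    f_const = {m: c for m, c in f.items() if x not in m}
    f_lin = {m - {x}: c for m, c in f.items() if x in m}
    return f_const, f_lin


def support(f):
    return set().union(*f)


def evaluate(f, phi):
    total = 0
    for m, c in f.items():
        term = c
        for v in m:
            term *= phi[v]
        total += term
    return total


def lin_product(f, g):
    """Equation 7, decomposing on the smallest remaining variable."""
    vs = support(f) | support(g)
    if not vs:
        return const(evaluate(f, {}) * evaluate(g, {}))
    x = min(vs)
    f0, f1 = moments(f, x)
    g0, g1 = moments(g, x)
    cross = add(add(lin_product(f0, g1), lin_product(f1, g0)), lin_product(f1, g1))
    return add(lin_product(f0, g0), times_var(cross, x))


def linearize(op, f, g):
    """Equations 8 and 9 for any binary operation op on numbers."""
    vs = support(f) | support(g)
    if not vs:
        return const(op(evaluate(f, {}), evaluate(g, {})))
    x = min(vs)
    f0, f1 = moments(f, x)
    g0, g1 = moments(g, x)
    lo = linearize(op, f0, g0)                                 # Equation 8
    hi = add(linearize(op, add(f0, f1), add(g0, g1)), lo, -1)  # Equation 9
    return add(lo, times_var(hi, x))


def agrees_on_boolean_domain(f, g):
    """True if the linear product equals f*g for every 0/1 assignment."""
    names = sorted(support(f) | support(g))
    h = lin_product(f, g)
    for bits in product((0, 1), repeat=len(names)):
        phi = dict(zip(names, bits))
        if evaluate(h, phi) != evaluate(f, phi) * evaluate(g, phi):
            return False
    return True


# F is the function of Figure 1; G, X and Y are constructed for this example.
F = {frozenset(): 8, frozenset("z"): -20, frozenset("y"): 2, frozenset("yz"): 4}
G = add(const(1), {frozenset("z"): 2})              # 1 + 2z, shares z with F
X = {frozenset([f"x{i}"]): 2 ** i for i in range(3)}
Y = {frozenset([f"y{i}"]): 2 ** i for i in range(3)}

if __name__ == "__main__":
    print(lin_product(F, G))
    print(linearize(pow, add(var("x"), const(2)), var("y")))
```

With overlapping support (F and G share z) the linear product matches the ordinary product only on Boolean assignments; for X and Y, whose supports are disjoint, the two agree for every assignment.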

3.  Representation  of  Numeric  Functions 

*BMDs provide a concise representation of functions defined over “words” of data, i.e.,
vectors of bits having a numeric interpretation. Let x represent a vector of Boolean variables:
$x_{n-1}, \ldots, x_1, x_0$. These variables can be considered to encode an integer X according to some
encoding, e.g., unsigned binary, two’s complement, BCD, etc. As Figure 2 shows, the *BMD
(as well as BMD) representations for X according to an unsigned binary encoding have linear
complexity. Figure 4 illustrates the *BMD representations of several common encodings for
signed integers, where $x_{n-1}$ is the sign bit. The sign-magnitude encoding gives integer value
X = — where X′ is the unsigned integer encoded by the remaining bits. Observe
that this can be expressed in the linear form $(1 - 2x_{n-1})X'$, yielding a graph structure where
both moments for variable $x_{n-1}$ point to the graph for X′, but having edge weights 1 and −2.
As the other graphs in the figure illustrate, both two’s complement and one’s complement
encodings can be viewed as sums of weighted bits, where the sign bit is weighted either
$-2^{n-1}$ (two’s complement) or $1 - 2^{n-1}$ (one’s complement) [18].

The conciseness of *BMDs arises from two important properties of typical encodings. First,
many encodings are based on a sum of weighted bits. In terms of the monomial expansion,
this implies that the terms are all of low degree. Second, the regularity of the encodings gives
rise to many subexpressions differing only by multiplicative factors. This leads to sharing of
subgraphs in the *BMD, with edge weights denoting the different factors.

3.1.  Word-Level  Operations 
| Form  | X           | X+Y         | X*Y         | $X^2$       | $c^X$       |
|-------|-------------|-------------|-------------|-------------|-------------|
| MTBDD | exponential | exponential | exponential | exponential | exponential |
| EVBDD | linear      | linear      | exponential | exponential | exponential |
| BMD   | linear      | linear      | quadratic   | quadratic   | exponential |
| *BMD  | linear      | linear      | linear      | quadratic   | linear      |

Table 2: Word-Level Operation Complexity. Expressed in how the graph sizes grow
relative to the word size.

Table 2 provides a comparative summary of the four function representations for a number
of word-level operations on unsigned data. *BMD examples of these functions are included
in this paper. As can be seen, MTBDDs are totally unsuited for this class of functions. The
range of the functions to be represented is simply too large. EVBDDs yield better results
for representing word-level data and for representing “additive” operations (e.g., addition
and subtraction) at the word level. This capability was exploited by Lai and Sastry in
verifying adder circuits against word-level specifications [15]. On the other hand, EVBDDs
cannot efficiently represent more complex functions such as multiplication, squaring, and
exponentiation. Thus, for example, they cannot be used for verifying multipliers. In fact, all
published examples that can be handled efficiently at the word level using EVBDDs can be
handled at the bit level using BDDs. Their utility in verifying circuits is mainly for providing
a more abstract form of specification.

Both BMDs and *BMDs are much more effective for representing word-level operations.
BMDs remain of polynomial (quadratic) size for both multiplication and for squaring,
although they grow exponentially for exponentiation. *BMDs do even better, being quadratic
for squaring and linear for all other operations listed. By verifying circuits at the word level
with *BMDs, we can handle classes of systems that are beyond the capability of BDDs and
other bit-level techniques.

Figure 5 illustrates the *BMD representations of addition and multiplication expressed at
a word level. Observe that the sizes of the graphs grow only linearly with the word size n.
Word-level addition can be viewed as summing a set of weighted bits, where bits $x_i$ and $y_i$
both have weight $2^i$. Word-level multiplication can be viewed as summing a set of partial
products of the form $x_i 2^i Y$.

As with BDDs, the representation of a function depends on the variable ordering. For
example, Figure 6 shows the *BMDs for word-level multiplication under two additional
variable orderings. Observe that although these graphs appear more complex than the one
of Figure 5, their complexity still grows only linearly with n. In our experience, *BMDs are
much less sensitive to variable ordering than are BDDs.

Figure 7 illustrates the *BMD representations of two unary operations on word-level data.
For representing the function $c^X$ (in this case c = 2), the *BMD has linear complexity. It
expresses the function as a product of factors of the form $c^{2^i x_i} = (c^{2^i})^{x_i}$. Since $x_i$ evaluates
to either 0 or to 1, the exponentiation can be linearized as: $a^{x_i} = 1 + (a - 1)x_i$. In the graph,
a vertex labeled by variable $x_i$ has outgoing edges with weights 1 and $c^{2^i} - 1$ both leading
to a common vertex denoting the product of the remaining factors.

Figure 5: Representations of Word-Level Sum and Product. The graphs grow linearly
with word size.

For representing the function $X^2$, both the BMD and the *BMD have quadratic complexity.
The representation can be seen to follow a recursive expansion of the function based on
the decomposition: $X = X_n = 2^{n-1}x_{n-1} + X_{n-1}$, where $X_k$ denotes the weighted sum of
variables $x_0$ through $x_{k-1}$. In terms of this decomposition we have:

Since $x_{n-1}$ is Boolean-valued, we can “demote” the quadratic term $x_{n-1}^2$ to a linear term
$x_{n-1}$. Thus, the constant moment for the function is while the linear moment is
$2^{2n-2} + 2^n X_{n-1} = 2^n (X_{n-1} + 2^{n-2})$. In our example with n = 4, the left subgraph represents
the function $X_3^2$, while the right side represents the subgraph $16(X_3 + 4)$. Observe that the
different constant offsets for each bit cause the growth of the graph to be quadratic rather
than linear. That is, there is no sharing between the graphs for the terms $X_{i-1} + 2^{i-2}$ for
different values of i. For many applications, this quadratic complexity is acceptable. For
example, we could represent the square of a 32-bit number by a graph of around 530 vertices.

4.  Representation  of  Boolean  Functions 

Boolean functions are just a special case of numeric functions having a restricted range.
Therefore such functions can be represented as BMDs or *BMDs. The algebraic structure
introduced in Section 2.3 provides a convenient notation for translating Boolean operations
into operations on linear functions. In particular, let $f$ and $g$ denote functions having Boolean
ranges. Then we can define the standard Boolean operations as:

$$
\begin{aligned}
\bar{f} &= 1 - f \\
f \wedge g &= f \cdot g \\
f \vee g &= f + g - (f \cdot g) \\
f \oplus g &= f + g - 2(f \cdot g)
\end{aligned}
\tag{10}
$$

Figure 6: Representations of Word-Level Product for Other Variable Orderings.
The graphs grow linearly with the word size regardless of the variable ordering.

Figure 8: Representations of Boolean Functions. Representations as *BMDs are
comparable in size to BDDs.

Figure 8 illustrates the *BMD representations of several common Boolean functions over
multiple variables, namely their Boolean product and sum, as well as their exclusive-or sum.
As this figure shows, the *BMD of Boolean functions may have values other than 0 or 1
for edge weights and leaf values. Under all variable assignments, however, the function will
evaluate to 0 or to 1. As can be seen in the figure, these functions all have representations
that grow linearly with the number of variables, as is the case for their BDD representations.
The representation for And follows due to the parallel between Boolean and linear products.
The representation for Or can be seen to follow an iterative structure. In particular, let
$F_n$ denote the Or of variables $x_1, x_2, \ldots, x_n$, and $G_n$ denote their Nor, i.e., $G_n = 1 - F_n$.
Function $F_n$ can be rewritten as:

$$
\begin{aligned}
F_n &= x_n \vee F_{n-1} \\
    &= x_n + F_{n-1} - (x_n \cdot F_{n-1}) \\
    &= F_{n-1} + x_n (1 - F_{n-1}) \\
    &= F_{n-1} + x_n G_{n-1}
\end{aligned}
$$

Thus, the moments of function $F_n$ with respect to variable $x_n$ are $F_{n-1}$ and $G_{n-1}$. Based on
this result, function $G_n$ can be rewritten as:

$$
\begin{aligned}
G_n &= 1 - F_n \\
    &= 1 - F_{n-1} - x_n G_{n-1} \\
    &= G_{n-1} + x_n (-G_{n-1})
\end{aligned}
$$


Thus, the moments of function $G_n$ with respect to variable $x_n$ are $G_{n-1}$ and $-G_{n-1}$. In the
center graph of Figure 8, the vertices on the left side denote the sequence of Or functions,
while those on the right side denote the sequence of Nor functions.

The representation for Exclusive-Or follows a similar iterative structure. It can be
generated by defining function $F_n$ to be the Exclusive-Or of variables $x_1, x_2, \ldots, x_n$, while
letting $G_n$ denote the function $G_n = 1 - 2F_n$. It can be shown that $F_n$ has moments $F_{n-1}$
and $G_{n-1}$, while $G_n$ has moments $G_{n-1}$ and $-2G_{n-1}$.
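The Or/Nor and Exclusive-Or recurrences above can be checked mechanically. The following Python sketch is an added example, not code from the paper: it builds $F_n$ and $G_n$ directly from the stated moments as unnormalized weighted graphs, compares them with the Boolean functions on every assignment, and counts the vertices reachable from $F_n$. The tuple layout and the names `chain`, `evaluate`, `vertices` and `check` are assumptions made here.

```python
from itertools import product

LEAF = None  # terminal vertex; the pair (w, LEAF) denotes the constant w


def chain(n, k):
    """Build F_n and G_n = 1 - k*F_n over x_1..x_n from their moments.

    k = 1: F is Or and G is Nor.  k = 2: F is Exclusive-Or and G is 1 - 2*F.
    A vertex is the tuple (var, lo_pair, hi_pair); a function is (weight, vertex).
    """
    f, g = (0, LEAF), (1, LEAF)  # F_0 = 0, G_0 = 1
    for i in range(1, n + 1):
        # F_i has moments F_{i-1} and G_{i-1}.
        # G_i has moments G_{i-1} and -k*G_{i-1}: the same vertex, edge weight -k.
        f, g = (1, (i, f, g)), (1, (i, g, (-k, g[1])))
    return f, g


def evaluate(pair, x, cache=None):
    """Moment rule: a vertex denotes lo + x_var * hi, scaled by the edge weight."""
    cache = {} if cache is None else cache
    w, v = pair
    if v is LEAF:
        return w
    if id(v) not in cache:  # each shared vertex is evaluated once
        var, lo, hi = v
        cache[id(v)] = evaluate(lo, x, cache) + x[var] * evaluate(hi, x, cache)
    return w * cache[id(v)]


def vertices(pair, seen=None):
    """Count the distinct nonterminal vertices reachable from pair."""
    seen = set() if seen is None else seen
    v = pair[1]
    if v is not LEAF and id(v) not in seen:
        seen.add(id(v))
        vertices(v[1], seen)
        vertices(v[2], seen)
    return len(seen)


def check(n, k, boolean_op):
    """Return (all assignments agree, vertex count of F_n)."""
    f, g = chain(n, k)
    ok = all(
        evaluate(f, x) == boolean_op(bits)
        and evaluate(g, x) == 1 - k * boolean_op(bits)
        for bits in product((0, 1), repeat=n)
        for x in [dict(enumerate(bits, start=1))]
    )
    return ok, vertices(f)
```

With one $F$ vertex per variable and one $G$ vertex for every variable but the last, the count is $2n - 1$, so the graph grows linearly even though the Exclusive-Or chain carries the edge weight $-2$.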

Figure  9  illustrates  the  similarity  between  BDDs  and  *BMDs  when  representing  the  Boolean 
functions  describing  an  adder  circuit  at  the  bit  level.  Observe  the  relation  between  the 
word-level  representation  (Figure  5)  and  the  bit-level  representation  of  addition.  Both  are 
functions  over  variables  representing  the  adder  inputs,  but  the  former  is  a  single  function 
yielding  an  integer  value,  while  the  latter  is  a  set  of  Boolean  functions:  one  for  each  output 
signal for the circuit. The relation between these two representations will be discussed more
fully  in  our  development  of  a  verification  methodology. 

The BDD representation shown in Figure 9 employs two techniques to reduce its size [3].
First, it represents a set of functions by a single graph with multiple roots, allowing
different functions to share common subgraphs. In fact, the set of functions is maintained
in strong canonical form, where every function to be represented is denoted by a unique
root vertex. The *BMD representation can also use this form of sharing and be maintained in
strong canonical form. Second, the BDD contains “negative edges” (indicated by dots on
the edge) to denote Boolean complementation. The use of edge weights in *BMDs has a
similar effect, although edge weights cannot be used to directly represent the complement
operation: $\bar{f} = 1 - f$. Observe in any case that the *BMD representation for these functions
has a similar structure to the BDD representation. Both grow linearly with the word size,
with the *BMD requiring 7 vertices per bit position, and the BDD requiring 5.

In  all  of  the  examples  shown,  the  *BMD  representation  of  a  Boolean  function  is  of  comparable 
size  to  its  BDD  representation.  We  conjecture,  however,  that  this  is  not  always  the  case. 
The  two  representations  are  based  on  different  expansions  of  the  function,  and  hence  there 
would  not  seem  to  be  any  fundamental  reason  for  them  to  be  of  similar  complexity. 


5.  Factoring  and  Other  Decision  Properties 

One powerful property of BDDs is that, given a BDD representation of a function $f$ over a
set of variables $x$, one can easily find solutions to the equation $f(x) = 0$ by tracing paths
from the root to the leaf with value 0. This strength of BDDs is also a limitation. Since
any problem that can be expressed as a function $f$ having an efficient BDD representation
is amenable to easy solution, this implies that BDDs cannot efficiently represent functions
corresponding to intractable problems.

Imagine for example, that it were possible to construct the $2n$ BDDs giving a bit-level
representation of multiplication over $n$-bit integers $x$ and $y$. Then we could potentially
factor a large number $K$, by solving the equation:

$$
\bigwedge_{i=0}^{2n-1} P_i(x, y) \oplus k_i = 0
$$

where $P_i$ is the function representing bit $i$ of the product, and $k_i$ is the $i$th bit of $K$. Observe
in this equation that the values $k_i$ are constants, and therefore the computation involves
forming the product of either true or complemented multiplier output functions. Experts
consider factoring to be a “hard” problem. In fact, the RSA encryption algorithm [23] relies
on the assumption that given the public key, one cannot derive the two prime factors of the
key in a reasonable amount of time. Thus, one would expect that some step in the above
scheme for factoring would break down. In the case of BDDs, the problem comes in trying
to generate the BDD representations of the functions $P_i$. It can be shown that these graphs
grow exponentially with the word size [5].

Define the task of “finding a zero for function $f$” as finding a (Boolean) variable assignment
such that $f(x) = 0$. We will call a representation for functions “easily invertible” if it
is always possible to find a zero for the function in time polynomial in the size of the
representation. Both BDDs and MTBDDs have this property: one simply finds a path to
the leaf with value 0. One can also show that FDDs are easily invertible [2], even though
evaluation does not involve simply following a single path in the graph.

Figure 10: Representation of Factoring Problem. Solving requires finding variable
assignment that evaluates to 0, not an easy task.

On the other hand, EVBDDs are not easily invertible, assuming $P \neq NP$. The following
argument shows that the problem of finding a zero of a function represented by an EVBDD
is NP-complete. First, the problem is clearly in NP, since given an assignment to the variables,
one can evaluate an EVBDD and determine whether the function yields 0 for this
assignment. Furthermore, any instance of the NP-complete Partition problem [10] can readily be
translated into an EVBDD solution problem. This problem is defined as: given a set of $n$
elements $A$, where each element $i$ has a nonnegative integer “size” $s_i$, determine whether
there exists a subset $A'$ such that

$$
\sum_{i \in A'} s_i = \sum_{i \in A - A'} s_i
$$

To translate this into an equation solution problem, let $S = \sum_i s_i$, and define the function
$f$ as:

$$
f(x_1, \ldots, x_n) = -S/2 + \sum_{i=1}^{n} x_i s_i
\tag{11}
$$

This function has an EVBDD with $n$ nonterminal vertices. It is similar in structure to that
of Figure 2, except that the outgoing solid arc from a vertex with variable $x_i$ has weight $s_i$,
and the root has weight $-S/2$. The challenge of solving this problem for EVBDDs can be
seen to lie with the edge weights. One must find a path through the graph such that the
edge weights encountered sum to 0.

By a similar argument, one can show that BMDs and *BMDs also do not form easily
invertible representations. Both are clearly in NP, since evaluation can be performed in
time linear in the graph sizes. Furthermore, both provide linear-sized representations of the
function defined in Equation 11. For example, the BMD representation of this function has
structure similar to that of Figure 2. The solid arc from a vertex with variable $x_i$ points to a
leaf with value $s_i$, while the dashed arc from the vertex with variable $x_0$ points to a leaf with
value $-S/2$. The *BMD has similar structure, but possibly with weights moved up into the
edges.

The challenge of finding a zero of a BMD or *BMD can be seen to lie with the evaluation
rule, given by Equation 4: evaluation requires considering multiple paths in the graph. We
can readily represent the factoring problem, as shown in Figure 10, by constructing a *BMD
representation of the function $X \cdot Y - K$ (in this example $K = 35$). The BMD representation
of this function is somewhat more complex, but still of size quadratic in $n$. The lack of an
efficient inversion algorithm prevents one from factoring by this method.

The example of factoring illustrates the fact that the strengths and weaknesses of BDDs
versus *BMDs are somewhat orthogonal. Tasks that can easily be performed on BDDs are
much more difficult to perform on *BMDs. On the other hand, *BMDs can represent circuit
functions that cause exponential blow up for BDDs or for their extensions as MTBDDs and
EVBDDs.


6.  Algorithms


In this section we describe key algorithms for constructing and manipulating *BMDs. The
algorithms have a similar style to their counterparts for BDDs. Unlike operations on BDDs
where the complexities are at worst polynomial in the argument sizes, most operations on
*BMDs potentially have exponential complexity. We will show in the experimental results,
however, that these exponential cases do not arise in our applications.


6.1.  Representation  of  *BMDs 

We will represent a function as a “weighted pair” of the form $(w, v)$ where $w$ is a numeric
weight and $v$ designates a graph vertex. Weights can either be maintained as integers or
real numbers. Maintaining rational-valued weights follows the same rules as the real case.
Vertex $v = \Lambda$ denotes a terminal leaf, in which case the weight denotes the leaf value. The
weight $w$ must be nonzero, except for the terminal case. Each vertex $v$ has the following
attributes:

Var(v)  The vertex variable.

Hi(v)  The pair designating the linear moment.

Lo(v)  The pair designating the constant moment.

Uid(v)  Unique identifier for vertex.

Observe  that  each  edge  in  the  graph  is  also  represented  as  a  weighted  pair. 

6.2.  Maintaining  Canonical  Form 

The functions to be represented are maintained as a single graph in strong canonical form.
That is, pairs $(w_1, v_1)$ and $(w_2, v_2)$ denote the same function if and only if $w_1 = w_2$ and
$v_1 = v_2$. We assume that the set of variables is totally ordered, and that all of the vertices
constructed obey this ordering. That is, for any vertex $v$, its variable Var(v) must be less
than any variable appearing in the subgraphs Lo(v) and Hi(v).

Maintaining  a  canonical  form  requires  obeying  a  set  of  conventions  for  vertex  creation  and 
for  weight  manipulation.  These  conventions  are  expressed  by  the  pseudo-code  shown  in 
Figures  11  and  12.  The  MakeBranch  algorithm  provides  the  primary  means  of  creating  and 
reusing  vertices  in  the  graph.  It  is  given  as  arguments  a  variable  and  two  moments,  each 
represented  as  weighted  pairs.  It  returns  a  pair  representing  the  function  given  by  Equation 
2.  It  assumes  that  the  argument  variable  is  less  than  any  variable  in  the  argument  subgraphs. 
The  steps  performed  by  MakeBranch  are  illustrated  in  Figure  13.  In  this  figure  two  moments 
are  drawn  as  weighted  pointers. 

When the linear moment is the constant 0, we can simply return the constant moment as
the result, since this function is independent of variable $x$. Observe that this rule differs
from the reduction rule for a graph based on a pointwise decomposition such as BDDs. In
such cases a vertex can be eliminated when both of its children are identical. This reflects
the difference between the two different function decompositions. Our rule for *BMDs is
similar to that for FDDs [9, 14].

    function MakeBranch(variable x, pair (w_l, v_l), pair (w_h, v_h)): pair
        { Create a branch, normalize weights. }
        { Assumes that x < Var(v_h) and x < Var(v_l) }
        if w_h = 0 then return (w_l, v_l)
        w ← NormWeight(w_l, w_h)
        w_l ← w_l / w
        w_h ← w_h / w
        v ← UniqueVertex(x, (w_l, v_l), (w_h, v_h))
        return (w, v)

    function UniqueVertex(variable x, pair (w_l, v_l), pair (w_h, v_h)): vertex
        { Maintain set of graph vertices such that no duplicates created }
        key ← [x, w_l, Uid(v_l), w_h, Uid(v_h)]
        found, v ← LookUp(UTable, key)
        if found then return v
        v ← New(vertex)
        Var(v) ← x; Uid(v) ← Unid()
        Lo(v) ← (w_l, v_l); Hi(v) ← (w_h, v_h)
        Insert(UTable, key, v)
        return v

    function NormWeight(integer w_l, integer w_h): integer
        { Normalization function, integer weights. }
        w ← gcd(w_l, w_h)
        if w_l < 0
            then return −w
            else return w

    function NormWeight(real w_l, real w_h): real
        { Normalization function, real weights }
        if w_l = 0
            then return w_h
            else return w_l

Figure 11: Algorithms for Maintaining *BMD. These algorithms preserve a strong
canonical form.

    function ApplyWeight(wtype w', pair (w, v)): pair
        { Multiply function by constant }
        if w' = 0 then return (0, Λ)
        return (w' · w, v)

Figure 12: Algorithm for Multiplying Function by Weight. This algorithm ensures
that no edge to a nonterminal vertex has weight 0.

Figure 13: Normalizing Transformations Made by MakeBranch (columns: Arguments, Results).
These transformations enforce the rules on branch weights.

For other values of the linear moment, the routine first factors out some weight $w$,
adjusting the weights of the two arguments accordingly. We show two versions of a function
NormWeight according to whether integer or real-valued weights are to be used. For the
integer case, we want to extract any common factor while ensuring that all weights are
integers. Hence we take the greatest common divisor (gcd) of the argument weights. In addition,
we adopt the convention that the sign of the extracted weight matches that of the constant
moment. This assumes that gcd always returns a nonnegative value. For real-valued weights
we adopt the convention that the weighted pair designating the constant moment for a
vertex always has weight 0 (only when this moment is the constant 0) or 1. In the former case
the weight of the pair designating the first moment will have weight 1. Thus, normalizing
real-valued weights involves moving one of the argument weights up and adjusting the other.

Once the weights have been normalized MakeBranch calls the function UniqueVertex to find
an existing vertex or create a new one. This function maintains a table (typically a hash
table) where each entry is indexed by a key formed from the variable and the two moments.
Every vertex in the graph is stored according to such a key and hence duplicate vertices are
never constructed.

Figure 12 shows the code for a function ApplyWeight to multiply a function, given as a
weighted pair, by a constant value, given as a weight $w'$. This procedure simply adjusts the
pair weight, detecting the special case where the multiplicative constant is 0.

As long as all vertices are created through calls to the MakeBranch function and all
multiplications by constants are performed by calls to ApplyWeight, the graph will remain in
strongly canonical form.

6.3.  The  Apply  Operations 

As with BDDs, *BMDs are constructed by starting with base functions corresponding to
constants and single variables, and then building more complex functions by combining
simpler functions according to some operation. In the case of BDDs this combination is
expressed by a single algorithm that can apply an arbitrary Boolean operation to a pair of
functions. In the case of *BMDs we require algorithms tailored to the characteristics of the
individual operations. To simplify the presentation, we show only a few of these algorithms
and attempt to do so in as uniform a style as possible. These algorithms are referred to
collectively as “Apply” algorithms.

Figure 14 shows the fundamental algorithm for adding two functions. The function
PlusApply takes two weighted pairs indicating the argument functions and returns a weighted pair
indicating the result function. This algorithm can also be used for subtraction by first
multiplying the second argument by weight −1. This code closely follows the Apply algorithm
for BDDs [3]. It utilizes a combination of recursive descent and “memoizing,” where all
computed results are stored in a table and reused whenever possible. The recursion is based
on the property that taking moments of functions commutes with addition. That is, for
functions $f$ and $g$ and for variable $x$:

$$
\begin{aligned}
[f + g]_{\bar{x}} &= f_{\bar{x}} + g_{\bar{x}} \\
[f + g]_{\dot{x}} &= f_{\dot{x}} + g_{\dot{x}}
\end{aligned}
$$

    function PlusApply(pair (w_1, v_1), pair (w_2, v_2)): pair
        { Compute sum of two functions }
        done, (w, v) ← TermCheck(+, (w_1, v_1), (w_2, v_2))
        if done then return (w, v)
        w', (w_1, v_1), (w_2, v_2) ← Rearrange(+, (w_1, v_1), (w_2, v_2))
        key ← [+, w_1, Uid(v_1), w_2, Uid(v_2)]
        found, (w, v) ← LookUp(OpTable, key)
        if found then return ApplyWeight(w', (w, v))
        x ← Min(Var(v_1), Var(v_2))
        { Begin recursive section }
        (w_1l, v_1l) ← SimpleMoment((w_1, v_1), x, 0)
        (w_2l, v_2l) ← SimpleMoment((w_2, v_2), x, 0)
        (w_1h, v_1h) ← SimpleMoment((w_1, v_1), x, 1)
        (w_2h, v_2h) ← SimpleMoment((w_2, v_2), x, 1)
        (w_l, v_l) ← PlusApply((w_1l, v_1l), (w_2l, v_2l))
        (w_h, v_h) ← PlusApply((w_1h, v_1h), (w_2h, v_2h))
        { End recursive section }
        (w, v) ← MakeBranch(x, (w_l, v_l), (w_h, v_h))
        Insert(OpTable, key, (w, v))
        return ApplyWeight(w', (w, v))

    function SimpleMoment(pair (w, v), variable x, integer b): pair
        { Find moment of function under special condition. }
        { Variable either at root vertex v, or not present in graph. }
        { b = 0 for constant moment, b = 1 for linear }
        if Var(v) ≠ x
            if b = 0
                then return (w, v)
                else return (0, Λ)
        if b = 0
            then return ApplyWeight(w, Lo(v))
            else return ApplyWeight(w, Hi(v))

Figure 14: Apply Algorithm for Adding Two Functions. The algorithm is similar to
the counterpart for BDDs.

    op    (w_1, v_1)    (w_2, v_2)    Result
    +     (0, Λ)                      (w_2, v_2)
    +                   (0, Λ)        (w_1, v_1)
    +     (w_1, v)      (w_2, v)      ApplyWeight(w_1 + w_2, (1, v))
                                      ApplyWeight(w_1, (w_2, v_2))
                                      ApplyWeight(w_2,
                                      ApplyWeight(1/w_2

Table 3: Termination Cases for Apply Algorithms. Each line indicates an operation,
a set of terminations, and the returned result.

    Condition              w'                      Rearranged arguments
    Uid(v_1) > Uid(v_2)    w_1 · w_2               (1, v_1)         (1, v_2)
    Uid(v_1) < Uid(v_2)    w_1 · w_2               (1, v_2)         (1, v_1)
    |w_1| > |w_2|          NormWeight(w_1, w_2)    (w_1/w', v_1)    (w_2/w', v_2)
    |w_1| < |w_2|          NormWeight(w_2, w_1)    (w_2/w', v_2)    (w_1/w', v_1)
                           w_1 / w_2               (1, v_1)         (1, v_2)

Table 4: Rearrangements for Apply Algorithms. These rearrangements increase the
likelihood of reusing a previously-computed result.

This routine, like the other Apply algorithms, first checks a set of termination conditions
to determine whether it can return a result immediately. This test is indicated as a call
to function TermCheck having as arguments the operation and the arguments of the
operation. This function returns two values: a Boolean value done indicating whether immediate
termination is possible, and a weighted pair indicating the result to return in the event of
termination. Some sample termination conditions are shown in Table 3. For the case of
addition, the algorithm can terminate if either argument represents the constant 0, or if
the two arguments are multiples of each other, indicated by weighted pairs having the same
vertex element.

Failing the termination test, the routine attempts to reuse a previously computed result.
To maximize possible reuse it first rearranges the arguments and extracts a common weight
$w'$. This process is indicated as a call to the function Rearrange having the same arguments
as TermCheck. This function returns three values: the extracted weight and the modified
arguments to the operation. Some sample rearrangements are shown in Table 4. For the case
of addition rearranging involves normalizing the weights according to the same conditions
used in MakeBranch and ordering the arguments so that the first has greater weight. For
example, suppose at some point we compute $6y - 9z$. We will extract weight −3 (assuming
integer weights) and rearrange the arguments as $3z$ and $-2y$. If we later attempt to compute
$15z - 10y$, we will be able to reuse this previous result with extracted weight 5.

If the routine fails to find a previously computed result, it makes recursive calls to compute
the sums of the two moments according to the minimum variable in its two arguments. In
generating the arguments for the recursion, it calls a function SimpleMoment to compute the
moments. This routine can only compute a moment with respect to a variable that either
does not appear in the graph or is at its root, a condition that is guaranteed by the selection
of $x$ as the minimum variable in the two graphs. When the variable does not appear in the
graph, the constant moment is simply the original function, while the linear moment is the
constant 0. When the variable appears at the root, the result is the corresponding subgraph
multiplied by the weight of the original argument. The final result of PlusApply is computed
by calling MakeBranch to generate the appropriate function and multiplying this function
by the constant extracted when rearranging the arguments.

    { Begin recursive section }
    (w_1l, v_1l) ← SimpleMoment((w_1, v_1), x, 0)
    (w_2l, v_2l) ← SimpleMoment((w_2, v_2), x, 0)
    (w_1h, v_1h) ← PlusApply(SimpleMoment((w_1, v_1), x, 1), (w_1l, v_1l))
    (w_2h, v_2h) ← PlusApply(SimpleMoment((w_2, v_2), x, 1), (w_2l, v_2l))
    (w_l, v_l) ← BinApply(op, (w_1l, v_1l), (w_2l, v_2l))
    (w_h, v_h) ← PlusApply(BinApply(op, (w_1h, v_1h), (w_2h, v_2h)), (−w_l, v_l))
    { End recursive section }

Figure 15: Recursive Section of Apply Algorithm for Arbitrary Binary Operation.
This generic algorithm does not exploit particular properties of the operation.

Observe that the keys for table OpTable index prior computations by both the weights and
the vertices of the (rearranged) arguments. In the worst case, the rearranging may not be
effective at creating matches with previous computations. In this event, the weights on the
arcs would be carried downward in the recursion, via the calls to SimpleMoment. In effect,
we are dynamically generating BMD representations from the *BMD arguments. Thus, if
functions $f$ and $g$ have BMD representations of size $m_f$ and $m_g$, respectively, there would
be no more than $m_f m_g$ calls to PlusApply, and hence the overall algorithm has worst case
complexity $O(m_f m_g)$. As we have seen, many useful functions have polynomial BMD sizes,
guaranteeing polynomial performance for PlusApply. On the other hand, some functions
blow up exponentially in converting from a *BMD to a BMD representation, in which case
the algorithm may have exponential complexity. We will see with the experimental results,
however, that this exponential blow-up does not occur for the cases we have tried. The
termination checks and rearrangements are very effective at stopping the recursion.
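An added example, not the authors' implementation: a compact Python model of MakeBranch (with UniqueVertex folded in), ApplyWeight, SimpleMoment and PlusApply for integer weights. It shows that two construction orders of the word-level sum reach the same vertex, and that the $6y - 9z$ / $15z - 10y$ rearrangement is answered from the operation table. The names, the uid tie-break for weights of equal magnitude, and the sign rule used when the constant moment is 0 are assumptions of this sketch.

```python
from collections import namedtuple
from math import gcd

Vertex = namedtuple("Vertex", "var lo hi uid")  # lo and hi are (weight, vertex) pairs
LEAF = Vertex(float("inf"), None, None, 0)      # terminal vertex; sorts below every variable


def norm_weight(wl, wh):
    # Integer NormWeight. Assumption added here: when the constant moment is 0
    # the sign is taken from the linear moment, so f and -f share one vertex.
    w = gcd(wl, wh)
    return -w if wl < 0 or (wl == 0 and wh < 0) else w


def apply_weight(wp, pair):
    """ApplyWeight: multiply a function by the constant wp."""
    return (0, LEAF) if wp == 0 else (wp * pair[0], pair[1])


class StarBMD:
    def __init__(self):
        self.utable = {}   # unique table: key -> Vertex
        self.optable = {}  # results of earlier plus() calls
        self.hits = 0      # plus() calls answered from optable

    def make_branch(self, x, lo, hi):
        """Pair for lo + x*hi with normalized branch weights (MakeBranch)."""
        if hi[0] == 0:
            return lo  # no dependence on x: no vertex is created
        w = norm_weight(lo[0], hi[0])
        lo, hi = (lo[0] // w, lo[1]), (hi[0] // w, hi[1])
        key = (x, lo[0], lo[1].uid, hi[0], hi[1].uid)
        if key not in self.utable:  # UniqueVertex
            self.utable[key] = Vertex(x, lo, hi, len(self.utable) + 1)
        return (w, self.utable[key])

    def var(self, x):
        return self.make_branch(x, (0, LEAF), (1, LEAF))

    def moment(self, pair, x, b):
        """SimpleMoment: x is either the root variable of pair or absent from it."""
        w, v = pair
        if v.var != x:
            return pair if b == 0 else (0, LEAF)
        return apply_weight(w, v.lo if b == 0 else v.hi)

    def plus(self, f, g):
        (w1, v1), (w2, v2) = f, g
        # Termination: a zero argument, or two multiples of the same vertex.
        if w1 == 0 or w2 == 0:
            return g if w1 == 0 else f
        if v1 is v2:
            return apply_weight(w1 + w2, (1, v1))
        # Rearrangement: larger |weight| first (uid breaks ties), extract w'.
        if (abs(w1), v1.uid) < (abs(w2), v2.uid):
            (w1, v1), (w2, v2) = (w2, v2), (w1, v1)
        wp = norm_weight(w1, w2)
        w1, w2 = w1 // wp, w2 // wp
        key = (w1, v1.uid, w2, v2.uid)
        if key in self.optable:
            self.hits += 1
            return apply_weight(wp, self.optable[key])
        x = min(v1.var, v2.var)
        lo = self.plus(self.moment((w1, v1), x, 0), self.moment((w2, v2), x, 0))
        hi = self.plus(self.moment((w1, v1), x, 1), self.moment((w2, v2), x, 1))
        self.optable[key] = self.make_branch(x, lo, hi)
        return apply_weight(wp, self.optable[key])

    def evaluate(self, pair, env):
        w, v = pair
        if v is LEAF:
            return w
        return w * (self.evaluate(v.lo, env) + env[v.var] * self.evaluate(v.hi, env))

    def size(self, pair):
        seen, stack = set(), [pair[1]]
        while stack:
            v = stack.pop()
            if v is not LEAF and v.uid not in seen:
                seen.add(v.uid)
                stack += [v.lo[1], v.hi[1]]
        return len(seen)


def word_sum(m, terms):
    """Add weighted-bit terms in the order given."""
    acc = (0, LEAF)
    for t in terms:
        acc = m.plus(acc, t)
    return acc


def reuse_demo():
    """6y - 9z, then 15z - 10y: the second call is an operation-table hit."""
    m = StarBMD()
    y, z = m.var(0), m.var(1)
    first = m.plus(apply_weight(6, y), apply_weight(-9, z))
    second = m.plus(apply_weight(15, z), apply_weight(-10, y))
    return first, second, m.hits
```

Comparing two functions for equality is then a comparison of two pairs, which is what makes checking a circuit against its word-level specification a constant-time test once both graphs are built.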

The Apply algorithms for other operations have a similar overall structure to that for
addition, but differing in the recursive evaluation. Comments in the code of Figure 14 delimit
the “recursive section” of the routine. In this section recursive calls are made to create a
pair of weighted pointers $(w_l, v_l)$ and $(w_h, v_h)$ from which the returned result is constructed.
For the remaining Apply algorithms we show only their recursive sections.

Figure 15 shows the recursive section for applying an arbitrary binary operation op to a pair
of functions. This algorithm can be seen to implement the linearized form op defined by
Equations 9 and 9. At each recursive step of the computation in Figure 15, we must sum the
moments of the arguments to generate their positive cofactors, recursively apply the
operation to these cofactors, and then subtract the constant moment to obtain a linear moment.
In effect we dynamically construct an MTBDD representation of the arguments. Thus, one
would expect that this computation would perform poorly unless either the arguments have
efficient MTBDD representations, or the termination checks and rearrangements can stop
the recursion from expanding into a large number of cases.

Rather than resorting to the generic Apply algorithm of Figure 15, it is preferable to exploit
properties of the operation so that the positive cofactors of the arguments do not need to be
generated. Figure 16 shows how this can be done for multiplication, using the formulation of
linear product given by Equation 7. Each call to MultApply requires four recursive calls, plus
two calls to PlusApply. With the rearrangements shown in Table 4, we can always extract
the weights from the arguments. Hence if the arguments have *BMD representations of
$m_f$ and $m_g$ vertices, respectively, no more than $m_f m_g$ calls will be made to MultApply.
Unfortunately, this bound on the calls does not suffice to show a polynomial bound on the
complexity of the algorithm. The calls to PlusApply may blow up exponentially.

6.4.  Affine  Substitution 


27 


{  Begin  recursive  section  } 

(wu,»ij)  SimpleMoment({witVi),  x,  0) 
ow)  *-  SimpleMoment((u)3,V2)^  x,  0) 
thfc)  *-  SimpleMoTneni((wi,vi),  x,  1) 

(vfzh^vih)  <-  SimpleMoment{{w2,V2),  x,  1) 

{tDi,vi)  *-  MultApply{{wn,vii),  {1021,  vu)) 

(tOhh,VHk)  *-  MuItApply((wik,vi^},  (v>2h,V2h}) 

{vM.Vht)  *-  MultApply({wik,viK),  {v>2i,V2i)) 

{vHhyVik)  <“  Mult Apply{{wiu  rut),  (tojfc,  ej^)) 

{rDh^rtk)  *-  PlusApply{{rokk,Vkk),  PlusApply{{rou,Vki),  (m.rifc))) 
{  E)nd  reevtrsive  section  } 


Figure  16:  Recursive  Section  for  Apply  Operation  for  Multiplying  Functions.  This 
operation  exploits  the  ring  properties  of  linear  product. 


AffineSubst(pair (w, v), assignment μ, assignment β)
{ Replace each variable x in function by μ(x) · x + β(x) }
if v = Λ then return (w, v)
key ← [v, μ, β]
found, (w_t, v_t) ← LookUp(SubstTable, key)
if found then return ApplyWeight(w, (w_t, v_t))
x ← Var(v)
(w_l, v_l) ← AffineSubst(Lo(v), μ, β)
(w_h, v_h) ← AffineSubst(Hi(v), μ, β)
(w_l, v_l) ← PlusApply((w_l, v_l), ApplyWeight(β(x), (w_h, v_h)))
(w_h, v_h) ← ApplyWeight(μ(x), (w_h, v_h))
(w_t, v_t) ← MakeBranch(x, (w_l, v_l), (w_h, v_h))
Insert(SubstTable, key, (w_t, v_t))
return ApplyWeight(w, (w_t, v_t))


Figure  17:  Affine  Substitution  Algorithm.  Each  variable  in  the  function  is  replaced  by 
an  affine  transformation  of  the  variable. 
Figure 18: Formulation of Verification Problem. The goal of verification is to prove a
correspondence between a bit-level circuit and a word-level specification.

Figure 17 shows an algorithm for performing a very general form of function evaluation we
will call affine substitution. The idea is to substitute for each variable x a function of the
form mx + b. The result will be a function over the same set of variables, or possibly a
subset of these variables. By selecting different values of m and b we can obtain many useful
substitutions. For example, with b = a and m = 0, we obtain the result of assigning value a
to the variable. Thus, this operation generalizes the linear evaluation shown in Equation 5,
including accounting for the edge weights. With m = 1 and b = 0, an identity substitution
will be performed, and hence the algorithm can be used for partial evaluation, where some
variables are assigned constants, while others are unchanged. With m = -1 and b = 1, we
replace the variable by its Boolean complement.

The algorithm is shown as having functional arguments μ and β. When applied to a variable
x, these “assignments” yield the constant factors to be used in the affine substitution. The
algorithm follows from the linear expansion of function f with respect to each variable x.
Given that $f = f_{\bar{x}} + x f_{\dot{x}}$, substituting mx + b for x yields:

$$f|_{x \leftarrow mx+b} = f_{\bar{x}} + b f_{\dot{x}} + x\, m f_{\dot{x}}$$

and hence this substitution yields a function with moments $f_{\bar{x}} + b f_{\dot{x}}$ and $m f_{\dot{x}}$.

The routine maintains a table of previously computed substitutions. Observe that for given
assignments μ and β, recursive calls are generated from a vertex only once. The total number
of calls to AffineSubst is therefore linear in the graph size. Of course, the resulting calls to
PlusApply could cause the algorithm to blow up exponentially. For the special case of full
evaluation, however, where μ(x) = 0 for all variables x, each recursive call must return a
constant function, and hence the overall complexity is linear.
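
An added Python example (not code from the paper) of the substitution in Figure 17. It assumes an unweighted BMD stored as nested tuples, so ApplyWeight becomes a scale helper acting on terminals; the names mk, top, moments, plus, scale and word are this example's own.

```python
# Unweighted BMD: a function is an int (constant) or a vertex (x, lo, hi) that
# denotes lo + x*hi; variable indices increase from the root toward the leaves.
def mk(x, lo, hi):
    """MakeBranch: no vertex is needed when the linear moment is zero."""
    return lo if hi == 0 else (x, lo, hi)

def top(f):
    return f[0] if isinstance(f, tuple) else float("inf")

def moments(f, x):
    """Constant and linear moments of f with respect to variable x."""
    return (f[1], f[2]) if top(f) == x else (f, 0)

def plus(f, g):
    if isinstance(f, int) and isinstance(g, int):
        return f + g
    x = min(top(f), top(g))
    (fl, fh), (gl, gh) = moments(f, x), moments(g, x)
    return mk(x, plus(fl, gl), plus(fh, gh))

def scale(c, f):
    """Stand-in for ApplyWeight: multiply every terminal value by c."""
    if isinstance(f, int):
        return c * f
    return mk(f[0], scale(c, f[1]), scale(c, f[2]))

def affine_subst(f, mu, beta, table=None):
    """Replace each variable x in f by mu[x]*x + beta[x], as in Figure 17."""
    table = {} if table is None else table   # keyed by vertex; mu, beta fixed per call
    if isinstance(f, int):
        return f
    if f not in table:
        x, lo, hi = f
        lo_s = affine_subst(lo, mu, beta, table)
        hi_s = affine_subst(hi, mu, beta, table)
        # moments of the result: f_lo + beta*f_hi and mu*f_hi
        table[f] = mk(x, plus(lo_s, scale(beta[x], hi_s)), scale(mu[x], hi_s))
    return table[f]

def word(n):
    """BMD of the unsigned word x_0 + 2*x_1 + ... + 2^(n-1)*x_(n-1)."""
    f = 0
    for i in reversed(range(n)):
        f = mk(i, f, 1 << i)
    return f

if __name__ == "__main__":
    X, all_vars = word(3), range(3)
    zero, one = dict.fromkeys(all_vars, 0), dict.fromkeys(all_vars, 1)
    print(affine_subst(X, zero, {0: 1, 1: 0, 2: 1}))            # full evaluation
    print(affine_subst(X, dict.fromkeys(all_vars, -1), one))    # complement each bit
    print(affine_subst(X, {0: 1, 1: 0, 2: 1}, {0: 0, 1: 1, 2: 0}))  # x_1 := 1 only
```

The three calls correspond to the cases named in the text: full evaluation (m = 0), Boolean complement (m = -1, b = 1) and partial evaluation (identity on the untouched variables).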

7.  Verification  Methodology 


Figure 18 illustrates schematically an approach to circuit verification originally formulated
by Lai and Sastry [15] using EVBDDs. The overall goal is to prove a correspondence between
a combinational circuit, represented by a vector of Boolean functions $f$, and the specification,
represented by the word level function F. More precisely, assume that the circuit inputs
are partitioned into vectors of binary signals $x^1, \ldots, x^k$ (in the figure k = 2). For each set
of signals $x^i$, we are given an encoding function $\mathrm{ENC}_i$ describing a word level interpretation
of the signals. This function will typically be a standard encoding, such as a 16-bit two’s
complement integer. The circuit implements a set of Boolean functions over the inputs,
denoted by the vector of functions $f(x^1, \ldots, x^k)$. Typically this circuit is given in the form
of a network of logic gates. Furthermore, we are given an encoding function $\mathrm{ENC}_o$ defining
a word level interpretation of the output. Finally, we are given as specification a word-level
function $F(X_1, \ldots, X_k)$. The task of verification is then to prove the equivalence:

$$\mathrm{ENC}_o(f(x^1, \ldots, x^k)) = F(\mathrm{ENC}_1(x^1), \ldots, \mathrm{ENC}_k(x^k)) \qquad (12)$$

That is, the circuit output, interpreted as a word, should match the specification when applied
to word interpretations of the circuit inputs.

*BMDs provide a suitable data structure for this form of verification, because they can
represent both bit-level and word-level functions efficiently. EVBDDs can also be used for
this purpose, but only for the limited class of circuit functions having efficient word-level
representations as EVBDDs. By contrast, BDDs can only represent bit-level functions, and
hence the specification must be expanded into bit-level form. While this can be done readily
for standard functions such as binary addition, a more complex function such as binary to
BCD conversion would be difficult to specify at the bit level.

7.1.  Component  Verification 

For circuits that can be represented efficiently as *BMDs at both the bit and the word
level, the test of Equation 12 can be implemented directly. As an example, consider an
n+m Add-Stepper, illustrated in Figure 19 for n = 3 and m = 2. This circuit forms a
basic building block for the class of multipliers we will verify. It has as inputs an n+m-bit
partial product input p, split into high order elements $h_{n-1}, \ldots, h_0$, and low order elements.
This naming convention is adopted to expedite the multiplier verification, as
will be discussed shortly. The other inputs are an n-bit multiplicand $x_{n-1}, \ldots, x_0$, and a
single bit multiplier y. It produces an n+m+1 bit partial product output $z_{n+m}, \ldots, z_0$.

The bit-level structure for the circuit is shown in the figure, consisting of AND gates and
full adder blocks. Each full adder has three inputs a, b, and c. It produces a sum output at
the right hand side with function a ⊕ b ⊕ c. It has a carry output at the top, with function
expressed in terms of linear operators as a·b + a·c + b·c - 2a·b·c. From this representation
we can use the algorithms PlusApply and MultApply to generate a *BMD representation of
$f_i(p, x, y)$, the function at each output $z_i$ for 0 ≤ i ≤ n+m.

The word-level specification for an n+m Add-Stepper is simply $P + 2^m \cdot y \cdot X$, where P and
X are the word-level interpretations of the partial product and multiplicand inputs. Both of
these inputs are encoded as unsigned integers, as is the output. Verification therefore involves
proving that the weighted sum of the bit-level output functions: $\sum_{i=0}^{n+m} 2^i f_i$ is equivalent
to the word-level specification. As with BDDs, this process can be completely automated
and works well even for more complex realizations such as carry-lookahead adders.
Figure 19: Bit-Level Representation of Add-Stepper. This circuit is a basic component
of the Multiplier.

7.2. Hierarchical Verification


For larger scale circuits, representing the bit-level functionality becomes too cumbersome
and hence the method described above cannot be applied directly. For example, attempting
to construct the bit-level functions for a multiplier would cause exponential blow-up with
*BMDs, just as it does with BDDs. Instead, we can follow a hierarchical approach in which
the overall circuit is divided into components, each having a word-level specification.
Verification then involves proving 1) that each component implements its word-level specification,
and 2) that the composition of the word-level component functions matches the
specification. This approach works well for circuits in which the components have simple word-level
specifications. Such is the case for most arithmetic circuits.

Figure 20 illustrates this process for a 3-bit combinational multiplier. The bit level structure
for this circuit is shown at the top. The first stage of this circuit is a Bit-multiplier (BM),
containing just the AND gates of an Add-stepper. The remaining stages are Add-steppers
with increasing values of m. At each stage i, input $y_i$ serves as the multiplier bit. The
justification for our hierarchical verification is shown by the progression from top to bottom
in the figure. The verification of component AS 3+2 indicates an equivalence between
the component output interpreted as a word, and its specification when applied to word
interpretations of the circuit inputs (Figure 18). Thus, we can replace the final stage in
the circuit by its specification, shifting the encoding operations to the component inputs
(middle). Continuing, we can similarly replace the second to last stage by its specification,
shifting the encoding operations to its inputs. Finally, we can replace the first stage by
its specification, shifting the encoding operation to input x (bottom). Observe that the
multiplier inputs y remain in bit-level form. In general this methodology can use word-level
representations of some signals and bit-level representations of others.

As this figure illustrates, once we have verified all of the components, we can verify the
overall circuit behavior by composing their word-level specifications. For the case of the
multiplier this involves proving that a sequence of add steps implements multiplication. Note
that in moving the encoding operations backward in the circuit, we require that the encoding
function for a component input must match the output encoding of the component supplying
that input.
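
An added Python example (not the authors' implementation) of the two proof obligations in Sections 7.1 and 7.2: the Equation 12 check for one Add-Stepper, then the composition of the word-level stage specifications. It assumes a ripple-carry layout for the adder chain, the names l_i for the low-order inputs, and a flat dictionary of monomial coefficients in place of a *BMD graph.

```python
# Multilinear polynomials over Boolean variables as {frozenset(vars): coeff}.
# Canonical like a *BMD, but flat (no shared subgraphs): for small sizes only.
def var(name):
    return {frozenset([name]): 1}

def add(f, g, k=1):
    """Return f + k*g, dropping zero coefficients to keep the form canonical."""
    out = dict(f)
    for mono, c in g.items():
        out[mono] = out.get(mono, 0) + k * c
    return {mono: c for mono, c in out.items() if c}

def mul(f, g):
    """Linear product: ordinary product with x*x reduced to x."""
    out = {}
    for m1, c1 in f.items():
        for m2, c2 in g.items():
            out = add(out, {m1 | m2: c1 * c2})
    return out

def word(bits):
    """Unsigned encoding function: sum of 2^i * bit_i."""
    w = {}
    for i, b in enumerate(bits):
        w = add(w, b, 1 << i)
    return w

def full_adder(a, b, c):
    ab = mul(a, b)
    x1 = add(add(a, b), ab, -2)                    # a xor b
    s = add(add(x1, c), mul(x1, c), -2)            # a xor b xor c
    carry = add(add(add(ab, mul(a, c)), mul(b, c)), mul(ab, c), -2)
    return s, carry

def add_stepper(n, m, gate=mul):
    """Bit-level outputs z_0..z_{n+m}; ripple-carry layout and names l/h assumed."""
    l = [var(f"l{i}") for i in range(m)]
    h = [var(f"h{i}") for i in range(n)]
    x = [var(f"x{i}") for i in range(n)]
    y, carry = var("y"), {}
    z = list(l)                                    # low-order bits pass through
    for i in range(n):
        s, carry = full_adder(h[i], gate(x[i], y), carry)
        z.append(s)
    return z + [carry], l + h, x, y

def verify_add_stepper(n, m, gate=mul):
    """Equation 12 for one component: ENC(outputs) == P + 2^m * y * X."""
    z, p, x, y = add_stepper(n, m, gate)
    return word(z) == add(word(p), mul(y, word(x)), 1 << m)

def verify_composition(n):
    """Compose the word-level specs of the n stages and compare with X * Y."""
    X = word([var(f"x{i}") for i in range(n)])
    ys = [var(f"y{i}") for i in range(n)]
    P = mul(ys[0], X)                              # Bit-multiplier stage
    for i in range(1, n):
        P = add(P, mul(ys[i], X), 1 << i)          # Add-Stepper spec with m = i
    return P == mul(X, word(ys))

if __name__ == "__main__":
    print(verify_add_stepper(3, 2), verify_composition(3))
```

Passing a different function as gate (for example an OR in place of the AND) models a wiring fault in the component, and the Equation 12 check then fails.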


7.3.  Experimental  Results 

Table 5 indicates the results for verifying a number of multiplier circuits having the same
structure as that of Figure 20. As can be seen, this approach remains practical for large
word sizes. Our results are limited to a 62-bit word size only because our weight values are
represented as 64-bit signed integers. We plan to extend our implementation to use arbitrary
precision arithmetic, enabling us to go well beyond this limit.

The table also shows the time required to verify a single n+n Add-Stepper. One can see that
this time grows linearly with the word size. Note also that the time to completely verify an
n x n multiplier, including verifying all n Add-Steppers, is less than n times that of the final
Add-Stepper. The reason for this is that much of the computation for the Add-Steppers can
be reused. By the way we have named the partial product input variables p, the bit-level
outputs for the Add-Steppers hardly change. In our code, we run through the complete
construction of all of the Add-Steppers, but many of the results are found in the various
stored tables. Even so, the time for the multiplier verification grows slightly worse than
quadratically in the word size. Given that the hardware complexity scales quadratically
in the word size, this performance is reasonable, although we believe it could be further
improved. We have no explanation why the verification of a 56-bit multiplier requires more
time than a 62-bit one. The 56-bit result appears to be an outlier in the performance trend.

Figure 20: Hierarchical Verification of Multiplier. The bit-level representations of the
circuit blocks are replaced by their word-level specifications.

Word Size    2-input gates    Mult. Time (sec)    Add-Stepper Time (sec)
 4 x 4              100              0.37                  0.25
 8 x 8              456              2.25                  0.68
12 x 12            1068              5.47                  1.12
16 x 16            1936             11.53                  1.68
20 x 20            3060             20.68                  2.00
24 x 24            4440             25.28                  2.50
28 x 28            6076             35.62                  2.94
32 x 32            7968             49.17                  3.22
40 x 40           12520             92.95                  4.32
48 x 48           18096            152.65                  5.08
56 x 56           24696            226.32                  5.77
62 x 62           30318            217.17                  6.87

Table 5: Verification Results for Combinational Multipliers.

These results are especially appealing in light of prior results on multiplier verification. A
brute force approach based on BDDs cannot get beyond even modest word sizes. Ochi et
al. [19] have successfully built the OBDDs for a 15-bit multiplier, requiring over 12 million
vertices. Increasing the word size by one bit causes the number of vertices to increase by
a factor of approximately 2.7, and hence even more powerful computers will not be able to
get much beyond this point. Jain [13] verified the 16th output of circuit C6288, a 16 x 16
multiplier, using a combination of BDDs, partial enumeration of the inputs, and probabilistic
methods. The computation required 3-1/2 hours on a high performance workstation. Given
the use of explicit enumeration, it is unlikely that this approach would scale well to larger
word sizes. Burch [6] has implemented a BDD-based technique for verifying certain classes of
multipliers. His method effectively creates multiple copies of the multiplier and multiplicand
variables, leading to BDDs that grow cubically with the word size. This approach works
for multipliers, such as ours, that form all possible product bits of the form $x_i \wedge y_j$ and
then sum these bits. Burch reports verifying C6288 in 40 minutes on a Sun-3 using 12
MBytes of memory. The limiting factor in dealing with larger word sizes would be the
cubic growth in memory requirement. Furthermore, this approach cannot handle multipliers
that use multiplier recoding techniques, although Burch describes extensions to handle some
forms of recoding.

Although we have only tried our methods on synthetically-generated multipliers based on
add steps, we are confident that we can handle C6288, as well as multipliers using multiplier
recoding and other more advanced techniques.


8.  Conclusions 

*BMDs provide an efficient representation for functions mapping Boolean variables to
numeric values. They can represent a number of word-level functions in a compact form. They
also represent Boolean functions with complexity comparable to BDDs. They are therefore
suitable for implementing a verification methodology in which bit-level circuits are compared
to word-level specifications. By exploiting circuit hierarchy, we are able to verify circuits
having functions that are intractable to represent at the bit level.

At this stage of research, there are many open problems regarding this representation. We
need to characterize the behavior of *BMDs in representing Boolean functions. For all
examples we have tried, their sizes are comparable to BDD representations. Either a formal
relation should be established, such as has been done for EVBDDs [15], or a distinction
should be proved, such as has been done for FDDs [2]. In addition, the performance of
the Apply algorithms needs to be characterized, indicating when they avoid exponential
complexity.

Verification of multipliers and other arithmetic circuits using *BMDs seems quite promising,
but these ideas must be tested and extended further. In developing a comprehensive
verification system based on our hierarchical methodology, it would be good to have a “proof
manager” that keeps track of what components have been verified, checks for compatibility
between encodings, etc.

The hierarchical verification methodology described here extends to sequential circuits as
well. For modeling such circuits, one could implement a form of symbolic simulator, where
blocks of the circuit can be modeled at either the bit or the word level. For example, one
could verify a sequential multiplier by first simulating a single cycle at the bit level to show it
implements an add step, and then a series of cycles at the word level to show this implements
multiplication.

Our method shows some promise for verifying floating point hardware, although difficult
obstacles must be overcome. Using a version that supports rational numbers, we can
efficiently represent the word level functions denoted by standard floating point formats. This
fact follows from our ability to represent integer formats plus exponentials. Floating point
hardware, however, only computes approximations of arithmetic functions. Thus,
verification requires proving equivalence within some tolerance, rather than the strict equivalence
of the current methodology. It is unclear whether such a test can be performed efficiently.

Many techniques developed for improving the efficiency and compactness of BDDs could be
extended to *BMDs. Among these are dynamic variable reordering [20], and loosening the
ordering requirement from a uniform total ordering to one in which variables may appear
in different orders along different paths in the graphs [11, 22]. Our experience thus far has
been that variable ordering is not as critical when representing functions at the word level
as it is with bit-level representations. Nonetheless, these issues bear further investigation.

Some of the applications proposed for EVBDDs and MTBDDs may work well with *BMDs.
Among these are matrix operations and spectral transforms. Applications requiring efficient
equation solving, such as integer linear programming, on the other hand, are probably not
good candidates. In any case, the opportunities for further exploration seem limitless.